Unable to use snmpv3 despite correct network configuration

SNMP4J
1

Hey,

I am trying to build a Java application that manages some switches. For now, I am trying to query a single value via SNMP4J. I have a working example using SNMPv2, and I can query the switch for the value via the net-snmp console tools. This command gives me the correct value:

snmpget -v3 -l AuthPriv -u snmpuser -a MD5 -A "foo#Bar0815" -x DES -X "foo#Bar0815" 10.1.0.4:161 1.3.111.2.802.1.1.30.1.2.1.1.8.1.1

This means that my switch and network is setup correctly. However, the following code always results in a null response:

public static void getAdminCycleTimeNumeratorv3() throws IOException
{
    String  ipAddress  = "10.1.0.4";
    String  port    = "161"; 
    String  oidValue  = "1.3.111.2.802.1.1.30.1.2.1.1.8.1.1";  
    int     snmpVersion  = SnmpConstants.version3;
 
    TransportMapping transport = new DefaultUdpTransportMapping();
    Snmp snmp = new Snmp(transport);

    USM usm = new USM(
        SecurityProtocols.getInstance(),
        new OctetString(MPv3.createLocalEngineID()),
        0
    );

    SecurityModels.getInstance().addSecurityModel(usm);

    transport.listen();

    // Set the target
    UserTarget target = new UserTarget();
    target.setAddress(GenericAddress.parse("udp:10.1.0.4/161"));
    target.setRetries(2);
    target.setTimeout(2000);
    target.setVersion(SnmpConstants.version3);
    target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
    target.setSecurityName(new OctetString("snmpuser"));

    // Set the security settings
    snmp.getUSM().addUser(
        new OctetString("snmpuser"),
        new UsmUser(
            new OctetString("snmpuser"),
            AuthMD5.ID,
            new OctetString("foo#Bar0815"),
            PrivDES.ID,
            new OctetString("foo#Bar0815")
        )
    );

    // Create PDU
    PDU pdu = new ScopedPDU();
    pdu.add(new VariableBinding(new OID(oidValue))); 
    pdu.setType(PDU.GET);

    System.out.println("Sending SNMP Request");
    ResponseEvent response = snmp.get(pdu, target);

    // Process Agent Response
    if (response != null)
    {
        PDU responsePDU = response.getResponse();

        if (responsePDU != null)
        {
            int errorStatus = responsePDU.getErrorStatus();
            int errorIndex = responsePDU.getErrorIndex();
            String errorStatusText = responsePDU.getErrorStatusText();

            if (errorStatus == PDU.noError)
            {
                System.out.println("Snmp Get Response = " + responsePDU.getVariableBindings());
            }
            else
            {
                System.out.println("Error: Request Failed");
                System.out.println("Error Status = " + errorStatus);
                System.out.println("Error Index = " + errorIndex);
                System.out.println("Error Status Text = " + errorStatusText);
            }
        }
        else
        {
            System.out.println("Error: Response PDU is null");
        }
    }
    else
    {
        System.out.println("Error: Agent Timeout");
    }
     
    snmp.close();
}

The same code with SNMPv2c - CommunityTarget instead of UserTarget, PDU instead of ScopedPDU - does work just fine.

I have no idea on how to proceed from here, I´d greatly appreciate any help.

2

Have you explicitly activated MD5?
It is not active/added by default because it is not safe anymore.

4

Do you mean activating MD5 on the switch? The snmpuser is setup to use MD5, and it does work with the net-snmp tools. I also tried it with SHA, but I am getting the same result.

5

No, I meant the following:
https://doc.snmp.app/display/SNMP4J/Upgrading+from+SNMP4J+2.x+to+3.x

SecurityProtocols.addAuthenticationProtocol( new AuthSHA());
SecurityProtocols.addAuthenticationProtocol( new AuthMD5());

6

Thanks a bunch! I totally missed this, now everything I´m trying to do works just fine.

I don´t think I would have figured this out on my own.